HealthEC Data Breach Settlement Approved: $5.48M Fund for Affected Patients
On January 20, 2026, a U.S. court granted final approval to a $5.48 million class action settlement resolving claims against HealthEC LLC and four affiliated healthcare organizations Community Health Care Systems Inc., Corewell Health, MD Valuecare LLC, and Oakwood Accountable Care Organization LLC. The settlement stems from a December 2023 data breach that exposed the personal and protected health information of approximately 1.52 million individuals.
Eligibility and Compensation
Patients whose data was compromised in the breach may qualify for financial compensation or credit monitoring, provided they received a settlement notice by email or mail. The class includes all affected individuals, regardless of whether they experienced identity theft or fraud, with a separate subclass for California residents as of July 14, 2023.
Compensation options include:
- Reimbursement for out-of-pocket losses (e.g., fraud-related expenses, credit freeze costs, or credit monitoring purchases).
- Lost time compensation (up to 10 hours at $25/hour for those with qualifying losses, or up to 4 hours for those without).
- Alternative cash payments ($25 for non-California residents, $50 for California residents).
- Three years of free Medical Shield Complete, a service offering dark web monitoring, credit monitoring, and $1 million in identity theft insurance.
If total claims exceed the settlement fund, payments will be reduced proportionally. Conversely, leftover funds may increase payouts.
Claim Process and Deadlines
Eligible individuals can file claims online or by mail, with documentation required for out-of-pocket loss and lost time claims. The deadline to submit claims, request exclusions, or object to the settlement is November 18, 2025. Payments will be distributed after final approval and resolution of any appeals, with the first disbursements issued on March 24, 2026.
Settlement Fund Allocation
The $5.48 million fund covers:
- $333,250 for settlement administration costs.
- Up to $1.86 million in attorneys’ fees.
- Undetermined amounts for attorneys’ expenses and Medical Shield Complete services.
- Up to $2,500 each for class representatives.
- The remaining balance for eligible claimants.
Background
The lawsuit alleged that HealthEC and its co-defendants failed to adequately protect sensitive patient data, leading to the breach. While the defendants denied wrongdoing, they agreed to settle to avoid prolonged litigation. The incident underscores ongoing vulnerabilities in healthcare data security.
Source: https://www.claimdepot.com/settlements/healthec-settlement
HealthEC, LLC cybersecurity rating report: https://www.rankiteo.com/company/healthec
Corewell Health cybersecurity rating report: https://www.rankiteo.com/company/corewell-health
"id": "HEACOR1774651954",
"linkid": "healthec, corewell-health",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1.52 million individuals',
'industry': 'Healthcare',
'location': 'United States',
'name': 'HealthEC LLC',
'type': 'Healthcare Technology'},
{'customers_affected': '1.52 million individuals',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Community Health Care Systems Inc.',
'type': 'Healthcare Organization'},
{'customers_affected': '1.52 million individuals',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Corewell Health',
'type': 'Healthcare Organization'},
{'customers_affected': '1.52 million individuals',
'industry': 'Healthcare',
'location': 'United States',
'name': 'MD Valuecare LLC',
'type': 'Healthcare Organization'},
{'customers_affected': '1.52 million individuals',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Oakwood Accountable Care Organization LLC',
'type': 'Healthcare Organization'}],
'customer_advisories': 'Settlement notices sent to affected individuals with '
'compensation options and deadlines.',
'data_breach': {'number_of_records_exposed': '1.52 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal information',
'Protected health information']},
'date_detected': '2023-12-01',
'date_publicly_disclosed': '2026-01-20',
'date_resolved': '2026-03-24',
'description': 'A U.S. court granted final approval to a $5.48 million class '
'action settlement resolving claims against HealthEC LLC and '
'four affiliated healthcare organizations due to a December '
'2023 data breach that exposed the personal and protected '
'health information of approximately 1.52 million individuals.',
'impact': {'brand_reputation_impact': 'Undermined trust in healthcare data '
'security',
'data_compromised': 'Personal and protected health information',
'financial_loss': '$5.48 million settlement fund',
'identity_theft_risk': 'High (1.52 million individuals affected)',
'legal_liabilities': 'Class action settlement'},
'investigation_status': 'Settled',
'lessons_learned': 'The incident underscores ongoing vulnerabilities in '
'healthcare data security and the importance of adequate '
'data protection measures.',
'post_incident_analysis': {'root_causes': 'Alleged failure to adequately '
'protect sensitive patient data'},
'references': [{'date_accessed': '2026-01-20',
'source': 'Court settlement approval'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
'response': {'communication_strategy': 'Settlement notices sent via email and '
'mail',
'enhanced_monitoring': 'Three years of free Medical Shield '
'Complete (dark web monitoring, credit '
'monitoring, and identity theft '
'insurance)'},
'title': 'HealthEC Data Breach Settlement Approved: $5.48M Fund for Affected '
'Patients',
'type': 'Data Breach'}